SlowMist: Beware of phishing attacks disguised as Zoom meeting links, which can trigger the download of malicious installation packages

SlowMist has warned users to beware of phishing attacks disguised as Zoom meeting links. Attackers use the domain “app[.]us4zoom[.]us” to impersonate legitimate Zoom meeting links, and the phishing page closely resembles the real Zoom meeting interface. When a user clicks the “Start Meeting” button, the page triggers the download of a malicious installation package instead of launching the local Zoom client. The attackers then collect user data and decrypt it to steal sensitive information such as mnemonic phrases and private keys. These attacks usually combine social engineering with Trojan techniques.
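One way to screen meeting links for the lookalike pattern described above, as an added example that is not from SlowMist's warning. The allowlist in `ZOOM_DOMAINS` is an assumption to adjust for your environment, and every sample link except the reported domain is constructed.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains accepted as genuine Zoom in this environment.
ZOOM_DOMAINS = {"zoom.us", "zoom.com"}
BRAND = "zoom"

def refang(url: str) -> str:
    """Undo common defanging ("[.]", "(.)", "hxxp") so the URL can be parsed."""
    return url.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http", 1)

def classify(url: str) -> str:
    """Return 'zoom', 'lookalike', 'other' or 'unparseable' for a meeting link."""
    url = refang(url.strip())
    if "://" not in url:
        url = "https://" + url  # bare host such as "app.us4zoom.us/j/1"
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unparseable"
    # Genuine only if the host IS an allowed domain or a subdomain of one.
    # A suffix test on ".zoom.us" rejects "us4zoom.us" and "zoom.us.example.net".
    if any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS):
        return "zoom"
    # Brand string anywhere in the authority (host or userinfo) but not on the
    # allowlist: the impersonation pattern from the warning.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "other"

def triage(links):
    """Map each link to its classification, preserving the original text."""
    return {link: classify(link) for link in links}

# Constructed sample links; only the first uses the domain named in the warning.
SAMPLE_LINKS = [
    "https://app[.]us4zoom[.]us/j/0000000000",
    "https://us04web.zoom.us/j/0000000000",
    "https://zoom.us.example.net/j/0000000000",
    "https://zoom.us@example.net/j/0000000000",
    "https://example.org/zoom-notes",
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```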